[Crash-utility] [PATCH v4 0/6] Generalize KASLR calculation and use it for KDUMPs
Hatayama, Daisuke
d.hatayama at jp.fujitsu.com
Thu Mar 29 10:24:47 UTC 2018
Sergio,
> -----Original Message-----
> From: Sergio Lopez [mailto:slp at redhat.com]
> Sent: Tuesday, March 27, 2018 7:10 PM
> To: crash-utility at redhat.com
> Cc: anderson at redhat.com; Indoh, Takao
> <indou.takao at jp.fujitsu.com>; Hatayama, Daisuke
> <d.hatayama at jp.fujitsu.com>; Sergio Lopez <slp at redhat.com>
> Subject: [PATCH v4 0/6] Generalize KASLR calculation and use it for KDUMPs
>
> Commit 45b74b89530d611b3fa95a1041e158fbb865fa84 added support for
> calculating phys_base and kernel offset for KASLR-enabled kernels on
> SADUMPs by using a technique developed by Takao Indoh. Originally, the
> patchset included support for KDUMPs, but this was dropped in v2, as it
> was deemed unnecessary due to the implementation of the vmcoreinfo
> device in QEMU.
>
> Sadly, there are many reasons for which the vmcoreinfo device may not be
> present at the moment of taking the memory dump from a VM, ranging from
> a Host running older QEMU/libvirt versions, to misconfigured VMs or
> environments running Hypervisors that don't support this device.
>
> This patchset generalizes the KASLR-related functions from sadump.c,
> moving them to kaslr_helper.c, and makes KDUMP analysis fall back to
> KASLR offset calculation if vmcoreinfo data is missing.
>
> These changes have been successfully tested with a 3.10.0-830.el7.x86_64
> under the following conditions:
>
> - kdump with KASLR and vmcoreinfo
>
> - kdump with KASLR but no vmcoreinfo
>
> - kdump without KASLR ("nokaslr" kernel command line option)
>
> It was also tested that a "crash" patched with these changes still
> builds and runs (live and kdump debugging) on an aarch64 machine.
>
> changelog:
>
> v4:
> - Add missing brackets in map_cpus_to_prstatus_kdump_cmprs (thanks
> Dave)
> - Apply coding style suggestions.
> - Add support for VMWARE VMSS dumps (vmware_vmss)
> - Update copyright and authors on kaslr_helper.c and vmware_vmss.c
>
> v3:
> - Merge *get_cr3 and *get_idtr functions and move them to
> kaslr_helper.c
> - diskdump: drop kaslr_phys_base addition and use
> sub_header_kdump->phys_base instead.
> - Unconditionally call x86_64_virt_phys_base after grabbing phys_base
>
> v2:
> - Limit application to QEMU ELF and QEMU COMPRESSED dumps (thanks Dave)
> - Add support for QEMU COMPRESSED dumps (diskdump)
Sorry for the delayed response.
I had been out of office till today due to a cold.
The patch set seems good to me, and
I tested your patch set on sadump dump files using the following
3 kinds of kernel versions with/without KASLR:
- RHEL7.5 RC3
- RHEL7.4 GA
- 4.16.0-rc7
and the result was OK.
Thanks for your work.
>
> Sergio Lopez (6):
> Move kaslr related functions from sadump.c to kaslr_helper.c
> Move QEMUCPU* structs from netdump.h to defs.h
> netdump: infer kaslr offset for QEMU ELF dumps without vmcoreinfo
> diskdump: infer kaslr offset for QEMU COMPRESSED dumps without
> vmcoreinfo
> vmware_vmss: infer kaslr offset for VMSS dumps
> kaslr_helper/vmware_vmss: update copyright and authors
>
> Makefile | 7 +-
> defs.h | 43 +++++
> diskdump.c | 66 +++++++-
> kaslr_helper.c | 494 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> netdump.c | 57 +++++++
> netdump.h | 24 +--
> sadump.c | 486 ++++----------------------------------------------------
> symbols.c | 30 +++-
> vmware_vmss.c | 32 +++-
> vmware_vmss.h | 1 +
> x86_64.c | 34 +++-
> 11 files changed, 788 insertions(+), 486 deletions(-)
> create mode 100644 kaslr_helper.c
>
> --
> 2.14.3
>
>